Last week I wrote that the US had restructured its fraud prosecution architecture. This week, the new National Fraud Enforcement Division put numbers on the page, $340 million in enforcement actions in a single seven-day period, while FinCEN escalated its focus on healthcare fraud, international law enforcement recovered tens of millions from crypto scams, and Southeast Asian scam compounds continued their globalisation despite high-profile crackdowns. Regulatory architecture is hardening on both sides of the Atlantic. The question, as always, is whether enforcement is keeping pace with displacement.

The $340 Million Week: DOJ’s Fraud Division Delivers Its First Scorecard

In its first full week of operation, the DOJ’s National Fraud Enforcement Division announced arrests, convictions, and sentences representing over $340 million in taxpayer fraud. Individual cases ranged from $54,000 to over $100 million. The scorecard includes the sentencing of a Minneapolis man to 43 months for his role in a $250 million scheme exploiting a federally funded child nutrition programme during COVID-19, and a San Diego plea involving $14 million laundered from Medicare proceeds.

This is precisely the kind of rapid, high-visibility output one would expect from a newly created enforcement unit seeking to demonstrate legitimacy. Assistant Attorney General Colin McDonald’s statement,

“No matter the amount, we are steadfast in our effort to eliminate fraud”

signals a doctrinal shift from selective prosecution of large schemes to comprehensive prosecution across the loss spectrum. From a rational choice perspective, this matters: the perceived certainty of detection and prosecution is more determinative of offending decisions than the severity of any individual sentence. The question for the next twelve months is whether this pace is sustainable, or whether it represents a front-loaded surge designed to establish reputational effect.

FinCEN’s Healthcare Fraud Advisory: Whole-of-Government Signalling

On 30 March, FinCEN issued its Healthcare Fraud Advisory (FIN-2026-A001), directing financial institutions to monitor for Medicare, Medicaid, and other benefit programme fraud. The advisory lists 24 specific red flags, including spike billing, customers connected to foreign jurisdictions, and recently established companies exhibiting dramatic increases in activity. Nixon Peabody’s analysis characterises this as part of a “whole-of-government” anti-fraud posture.

For criminologists, the interesting question is why healthcare? The DOJ recovered a record $5.7 billion in healthcare False Claims Act cases recently, by some measures the most financially productive enforcement domain in federal practice. Routine activity theory explains the target-rich environment: high transaction volumes, asymmetric information, third-party payers, and structurally weak guardianship at the point of claim. The advisory shifts meaningful surveillance obligations onto financial institutions, effectively conscripting them as guardians against schemes their customers may be running. This is situational crime prevention at scale, but it requires financial institutions to understand medical billing, which remains a significant competence gap.

FinCEN’s Whistleblower Rule: A Structural Turn

Alongside the healthcare advisory, FinCEN issued a Notice of Proposed Rulemaking to establish a formal whistleblower program under the Bank Secrecy Act, offering awards of 10–30% of collected monetary penalties for tips leading to successful enforcement. This is not cosmetic reform. It represents what the JD Supra analysis correctly identifies as

“a structural shift in U.S. financial enforcement architecture: moving from a model historically centred on regulatory reporting toward an incentivised, insider-driven enforcement regime.”

Criminologically, this matters because transactional data, the substrate of Suspicious Activity Report–based enforcement, rarely captures intent, internal communications, or the structural design of complex schemes – insiders do. The SEC and CFTC whistleblower programmes, which have both generated significant enforcement returns, are the clear blueprint. Expect a substantial increase in actionable intelligence, but also a measurable rise in retaliation disputes, contested scope determinations, and strategic self-reporting by firms trying to beat whistleblowers through the door.

$1.8 Billion Interdicted: FinCEN’s Rapid Response Program Hits a Milestone

FinCEN announced that its Rapid Response Program has facilitated the interdiction of more than $1.8 billion in stolen funds since its 2015 inception, including $268 million since the start of 2025. The programme operates across more than 96 foreign jurisdictions and has recovered $425.2 million in business email compromise losses, $49.8 million in investment fraud, and $54.5 million from phone scams.

This is genuinely important data for an under-reported question: what is the actual recovery rate once fraudulent funds cross borders? The figures suggest that rapid, cross-jurisdictional financial intelligence can meaningfully interdict funds before laundering completes, but only when victims and institutions report within the window in which funds remain traceable. The dark figure of unreported fraud is therefore not just an epidemiological problem; it is a direct cause of irrecoverable loss.

Operation Atlantic: $45 Million in Approval Phishing Disrupted

US, UK, and Canadian law enforcement announced the results of Operation Atlantic on 9 April: $12 million frozen, more than $45 million in total crypto theft identified, over 20,000 victim wallet addresses flagged, and 120 scam domains dismantled. The operation specifically targeted “approval phishing”, a technique where victims are tricked into granting wallet access rather than surrendering their private keys. Chainalysis’s analysis confirms this is now the dominant pig-butchering vector.

One UK victim lost more than £52,000 in a single approval phishing transaction. The scale is useful context: phishing losses in January 2026 alone exceeded $300 million, against which $12 million recovered is a meaningful but modest intervention. What Operation Atlantic demonstrates is the value of the enforcement-industry intelligence loop – Chainalysis and TRM Labs supplied the blockchain analytics, public agencies supplied the legal authority. This is the operational model the UK’s Online Crime Centre is built on, and it is already validating the theory.

The US Crackdown on Southeast Asian Scam Compounds: A Status Report

The Week’s reporting on pig-butchering compounds and the US–China Economic and Security Review Commission’s March update on China-Linked Scam Centres paint a consistent picture: the model is globalising. Chinese pressure dismantled notorious hubs including the KK Park complex in Myawaddy, Myanmar. Thai forces shelled sites during last year’s border conflict with Cambodia. China has arrested hundreds of thousands and executed eleven members of the “Ming family” crime group after extradition from Myanmar. A joint FBI–Thai operation in March 2026 led to 21 arrests and shut down 150,000 scam-linked assets.

But the compounds are appearing in Peru, the Philippines, and, notably, the Isle of Man. This isn’t just a far-from-home problem. AI-assisted scams grew 450% from 2023–24 to 2024–25. This is a textbook displacement dynamic: suppression in one jurisdiction produces geographical and technological adaptation rather than cessation. The trafficking element is simultaneously reducing (because AI removes the need for multilingual human labour) and persisting (because the compound infrastructure still requires operators). The criminological implication is that enforcement needs to target the capital and logistics networks that sustain compounds – not the physical sites themselves, which are increasingly disposable.

Florida Recovers $5.4 Million in Single Crypto Romance Operation

Florida Attorney General James Uthmeier announced the recovery of $5.4 million in a romance-turned-investment cryptocurrency scam – the largest single-operation crypto recovery in the state’s history. $700,000 is being returned to Florida victims and $1.3 million to Massachusetts victims. Florida’s Cyber Fraud Enforcement Unit has now recovered $7.2 million since its founding two and a half years ago.

This is a meaningful datapoint on state-level capacity. The historical assumption has been that meaningful crypto recovery requires federal resources. Florida’s CFEU result suggests that dedicated, specialised state-level units can operate effectively within this space, at least in the recovery phase, which relies on blockchain traceability and exchange cooperation rather than prosecutorial reach. The model is likely to spread to other states with significant victim populations, particularly California and New York.

OCC April Enforcement: The Elder-Abuse Banking Line

The OCC’s April 2026 enforcement actions include prohibition orders against two former associate bankers for offences: Shaira Ahmed at JP Morgan Chase embezzled more than $73,000 from customer accounts; Marissa Murillo at BMO Bank made unauthorised withdrawals from an elderly customer’s accounts totalling more than $164,000. A consent order against The Federal Savings Bank addresses deceptive cash-out VA refinance practices targeting veterans.

These cases illustrate something my own research has consistently shown: insider-enabled financial abuse of vulnerable populations, particularly the elderly, operates in the grey zone between occupational fraud and abuse-of-position offending. It is not sophisticated. It does not require organised crime infrastructure. It requires access and opportunity, and it relies on the same guardianship deficit that external scams exploit. Situational crime prevention in banking needs to apply to insider risk with the same rigour it applies to customer authentication.

The $17.4 Million LA Mortgage Fraud Case: Organised Elder Targeting

Federal agents arrested nine individuals tied to a sophisticated $17.4 million mortgage fraud scheme targeting elderly homeowners across Santa Monica, Hollywood, and Westwood. The group allegedly stole identities, posed as property owners, submitted fraudulent loan applications, and funnelled money through shell accounts using synthetic identities. The indictment includes fabricated death certificates and fraudulent notarisations. The investigation was led by the FBI’s Eurasian Organised Crime Task Force.

This case is worth close reading because it operationalises the structural argument made in Gilbert and Levi’s recent empirical study of UK mortgage fraud networks, that organised mortgage fraud functions through dense, specialised social networks with clearly differentiated roles. The LA indictment reads as a near-perfect case study: identity theft specialists, document fabricators, notaries, money laundering conduits, and foreign national components (the group included an Iranian national with an outstanding removal warrant and an Azerbaijani green-card holder). This is not opportunistic offending. It is a criminal enterprise, and the “house stealing” label obscures the financial engineering that makes it work.

New Research Worth Reading

A notable new paper: Decentralized Crime: Fraud, Cybercrime and Legal Enforcement (Mohamed, 2025) applies Strain Theory, Routine Activity Theory, and Rational Choice Theory to DeFi-enabled financial crime. It argues that privacy-enhancing technologies (Monero, Zcash) and jurisdictional decentralisation structurally reshape opportunity, guardianship, and detection in ways that traditional crime prevention theory has not yet accommodated. For anyone working on crypto regulation, this is a useful theoretical bridge.

The second part of Alikhadzhiyeva’s examination of criminal practices against women masquerading as romance has been published, the first part proposed a criminological classification of “trust” victimhood in catfishing, investment fraud, and even terrorist recruitment schemes. It resonates directly with the trust exploitation frameworks I have been developing in my own work on fraud vulnerability, particularly on how psychological need is weaponised rather than simply exploited.

Also worth reading: Evaluating Compliance Based Crime Prevention in Lahore’s Banks (Sarfaraz et al., 2025), which assesses KYC and AML effectiveness against digital financial crime in Pakistani banks. The finding, that technology is necessary but insufficient without staff training and institutional oversight, echoes the conclusions of every serious UK review of AML effectiveness in the last five years.

And Crypto-Asset Laundering is a Fraud Crime (G’ulommamatova, 2025) makes a doctrinal argument that crypto-laundering should be recognised as a distinct form of fraud rather than an ancillary offence. The argument is worth engaging with, if jurisdictions adopt this framing, prosecutorial strategy and sentencing dynamics change meaningfully.

What I Am Watching

The DOJ Fraud Division’s second-week scorecard. Week one produced $340 million. Whether the cadence holds tells us whether this is sustained enforcement or front-loaded reputational work. (DOJ announcement)

Comments on the FinCEN BSA whistleblower NPRM. The shape of the final rule, particularly on scope of covered violations and retaliation protection, will determine whether insiders actually come forward. (FinCEN NPRM analysis)

The FCA’s next Enforcement Watch newsletter. The January edition flagged listed issuers, unauthorised business, and inadequate oversight as priorities. Watch for the first post-transparency-policy public naming of a firm under investigation. (FCA Enforcement Watch 1)

Follow-up on Operation Atlantic’s $33 million unresolved tranche. The framework for tracing and repatriating those funds will be the real test of the public-private intelligence model. (Chainalysis summary)

Scam compound relocation data. The globalisation of Southeast Asian compound infrastructure to Peru, the Philippines, and beyond will likely be the defining fraud-geography story of 2026. (USCC update)